How Crypto Gets Hacked - A Classic Case of Hacking
Part 4: Ethereum Classic and 51% Attacks
I started my crypto journey answering the basic questions of how this works, why this is important and why I should be paying attention. But then I wondered “What could go wrong? How does a crypto protocol get hacked and what happens after?”
I’m starting this mini-series to help you discover what I found. Hope you enjoy.
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
Last time I discussed how the Ethereum Blockchain split in two as a result of THE DAO hack. The blockchain forked and the old blockchain was left for dead, or so the Ethereum community thought. What actually happened was many miners stayed on the old blockchain, and this blockchain became known as Ethereum Classic.
Ethereum Classic was similar to Ethereum at the time: the protocol could be used to create smart contracts, which were stored on a distributed ledger on the blockchain, they used a proof-of-work consensus system to verify transactions on the blockchain, and all that good crypto stuff.
But there have been changes since the two blockchains forked. In 2017, Ethereum Classic hard forked again in order to defuse the “difficulty bomb,” which would have made it nearly impossible to mine for ETC rewards in the future. It would have increased the mining difficulty so much that it would no longer be profitable to mine for ETC, freezing the protocol in an “ice age.”
They defused the difficulty bomb, made changes so they would never go to a proof-of-stake mining algorithm, and ensured that Ethereum transactions would never be valid again on the Ethereum Classic blockchain. They also changed to a new blockchain client (the software that runs a node in the network) and implemented a new programming language. They wanted to differentiate themselves from Ethereum and Bitcoin in an ever-evolving cryptoverse.
Then on January 7th, 2019, Coinbase and others began to notice the Ethereum Classic blockchain was “reorganizing” itself. A blockchain is basically a commonly shared transaction history, and someone was trying to rewrite that history.
From Coinbase’s blog:
If a single miner has more resources than the entirety of the rest of the network, this miner could pick an arbitrary previous block from which to extend an alternative block history, eventually outpacing the block history produced by the rest of the network and defining a new canonical transaction history.
This is called a “chain reorganization,” or “reorg” for short. All reorgs have a “depth,” which is the number of blocks that were replaced, and a “length,” which is the number of new blocks that did the replacing.
Coinbase decided to halt all Ethereum Classic transactions until they could figure out what was going on. It turned out that a single mining pool had taken control of most of the hash rate (the computing power used to verify transactions on the blockchain) and was now using it to commit a 51% attack.
What is a 51% attack? It’s when either a single miner or a group of miners controls more than half the hash rate and uses that power to halt transactions between users and reverse completed transactions as well. This means they could double-spend coins: the attacker mines a different version of the blockchain in secret, sends some coins to someone, and later voids that transaction by publishing the secret version of the blockchain, in which they still retain ownership of the coins. It’s like paying for a hot dog and then grabbing the money right back. This is exactly what the attacker did, rewriting transactions so the attacker would receive the coins instead of someone else.
But thankfully (and strangely) it turned out this person had hacked the network with no intention of stealing the ETC. According to gate.io, who lost $100,000 worth of ETC in the attack, the attacker reached out to them to say they were returning the stolen coins. Gate.io suspected that this was a white hat hacker, trying to show them the vulnerability of a blockchain consensus network.
This time, the attack had a happy ending. They wouldn’t be so lucky next time.
So when a miner/mining collective decides to commit a 51% attack, what can they do?
From the Bitcoin Wiki:
An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:
Reverse transactions that he sends while he's in control. This has the potential to double-spend transactions that previously had already been seen in the block chain, affecting all coins that share a history with the reversed transaction.
Reverse confirmations for any transaction that had previously been seen in the block chain while he’s in control.
Prevent some or all transactions from gaining any confirmations.
Prevent some or all other miners from mining any valid blocks;
The attacker can't:
Reverse other people's transactions without their cooperation (unless their coin history has been affected by a double-spend)
Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
Change the number of coins generated per block
Create coins out of thin air
Send coins that never belonged to him
TLDR: the attacker can’t create new coins, only change some of the transactions so that the coins flow back to him/her. They can’t just do whatever they want. It’s also important to note that it’s very difficult to sustain a 51% attack because it costs so much to make it last.
Satoshi Nakamoto said this in the original Bitcoin whitepaper:
“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.”
However, if a node in the network is not “honest,” and they hold control over most of the hash power, that could mean the blockchain is temporarily compromised.
Which is exactly what happened again to Ethereum Classic in 2020.
“Honesty is a very expensive gift, Don't expect it from cheap people.”
―Warren Buffett
On July 31st through the next morning, the Ethereum Classic blockchain suffered another reorganization caused by a 51% attack.
At first, the ETC community seemed to believe that it wasn’t anything to worry about. They thought it could have been an old mining rig coming back online. But a few days later Bitquery.io came out with a detailed analysis of what really happened:
Ethereum Classic yesterday experienced a huge ‘51% attack’. One miner generated a series of more than 3500 blocks, as a huge fork from block 10904146 till 10907740. He mined these blocks for many hours and broadcasted them afterward to other miners. As this sequence of the block had more weight than the chain, built by all other miners, they had to accept these blocks, effectively replacing the blockchain history with attacker’s one.
The attacker didn’t even need to be running his/her own large mining operation. They bought the extra hashrate power through a “mining hashrate provider” for 12 hours. It only took 17.5 BTC, or around $192K at the time, to overcome the 51% threshold and take control of the network. The lower the hash power of the network, the easier it is to commit a 51% attack on it.
During this time the attacker was able to double-spend coins and ended up stealing 807,260 ETC ($5.6 million). But at least they were kind enough to help support the network:
The attacker also got 13K ETC as a block mining reward, which we are not including in our double-spent calculation.
Bitquery.io gave a timeline of the attack:
1. July 29–31: The attacker withdraws 807K ETC from a Crypto exchange to several wallets.
2. Jul 31, 16:36 UTC: The attacker started mining blocks by purchasing the hash power for double price from provider, as we found in the first article. The total cost of mining is approx 17.5 BTC (~$192,000).
3. Jul 31, 17:00–17:40 UTC: The attacker created private transactions, sending money to his/her own wallets, and inserted these transactions in the blocks he/she was mining. No one saw these transactions because the attacker didn’t publish the blocks.
4. Jul 31, 18:00–Aug 1, 2:50 UTC: The attacker sends money back to the Crypto exchange using intermediary wallets on the non-reorged chain, which was visible to everyone. During this, the attacker has plenty of time to monetize this money — convert to USD and withdraw or change them to BTC, whatever. Long attack duration (12 hours) allowed attackers to split operations into smaller parts to avoid any suspicion.
5. Aug 1, 4:53 UTC: The attacker publishes his/her blocks with the version of the transaction created in step #3 and executed the chain re-organization. It means that transactions on step #4 were replaced with transactions on step #3.
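The reorg in the timeline above can be measured from the receiving side: how deep it was, how long the replacing branch was, whether it outweighed the public chain, and which already-credited deposits it erased. This is an added example, not code from Bitquery, Coinbase or the Ethereum Classic project; the `Block` class, the transaction names and the `credit_after` policy are assumptions, and the chains are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    hash: str
    difficulty: int
    txs: tuple = ()

def analyze_reorg(current, candidate, credit_after=3):
    """Compare the chain a node follows with a competing chain from a peer.

    credit_after: hypothetical exchange policy, confirmations required before
    a deposit is credited (the tip block counts as 1 confirmation).
    """
    fork = 0  # number of leading blocks both chains share
    while (fork < min(len(current), len(candidate))
           and current[fork].hash == candidate[fork].hash):
        fork += 1
    replaced, replacing = current[fork:], candidate[fork:]
    # Fork choice: the chain with greater total difficulty becomes canonical.
    accepted = (sum(b.difficulty for b in candidate)
                > sum(b.difficulty for b in current))
    kept = {tx for b in replacing for tx in b.txs}
    # Confirmations each erased transaction had on the old chain.
    erased = {tx: len(current) - i
              for i, b in enumerate(current) if i >= fork
              for tx in b.txs if tx not in kept}
    return {
        "depth": len(replaced),    # blocks that were replaced
        "length": len(replacing),  # new blocks that did the replacing
        "accepted": accepted,
        "erased": erased,
        "credited_then_erased": sorted(
            tx for tx, conf in erased.items() if conf >= credit_after),
    }

# Constructed sample chains (not real ETC data): 2 shared blocks, then a
# 6-block public branch and a 7-block privately mined branch.
shared = [Block("s1", 100), Block("s2", 100)]
public = shared + [Block("p1", 100, ("tx-deposit",)), Block("p2", 100),
                   Block("p3", 100, ("tx-alice",)), Block("p4", 100),
                   Block("p5", 100), Block("p6", 100, ("tx-late",))]
private = (shared + [Block("a1", 100, ("tx-self",)),
                     Block("a2", 100, ("tx-alice",))]
           + [Block(f"a{n}", 100) for n in range(3, 8)])
REPORT = analyze_reorg(public, private)

if __name__ == "__main__":
    print(REPORT)
```

Here `tx-deposit` had six confirmations, twice the sample policy, and was still erased, while `tx-alice` survives because the replacing branch also contains it.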
At least it was over. Lightning can’t strike twice can it?
While the Ethereum Classicists were still licking their wounds and trying to figure out what to do next, just five days later the same attacker struck again.
This time, the attacker successfully double-spent 238,306 ETC ($1.68M) and again got a block reward of 14.2K ETC as the cherry on top.
Bitquery keeps track of miner distribution on the ETC network, and it’s clear from the chart when the attacks occurred:
The attacker used the funds gained from the last attack in order to commit this one. Then they collected all the ETC from the double-spends to one address and distributed the stolen ETC to various other addresses. Finally, they sent the ETC through another maze of addresses which ended up on some unknown exchanges. The attacker presumably converted the ETC to fiat or other cryptocurrencies from there (see the Bitquery post for details and graphics).
Ethereum Classic tried to warn all the exchanges and others to halt all trading and transfers to try to contain the damage, but it may have been too late by then.
After the attacks, the CEO of Ethereum Classic Labs made a statement. He seemed to believe that the network was working as intended:
Some fault the Ethereum Classic Blockchain itself. I don’t accept this either. In fact, the Ethereum Classic protocol operated exactly as it was designed to. The blocks that the malicious miner presented were valid according to the consensus rules because they had greater total difficulty than the blocks they replaced. For that reason, we are not going to rollback any transactions. You know, code is law and all. The cause, the weakness that the attacker was able to exploit, is simply that ETC’s hash rate was too low. This made ETC vulnerable, and it was relatively affordable for an attacker to achieve single miner dominance.
To believers in Ethereum Classic, “code is law.” This is why after all these attacks they have never returned any of the stolen funds like Ethereum did in the aftermath of THE DAO hack. It’s not their responsibility if you get swindled, it’s not the protocol’s responsibility either, it’s YOUR fault for using it in the first place. Quite a marketing statement.
Thoughts:
You might read this and assume that as soon as your network is insecure, that’s the end of the game. But you’d be wrong: ETC still trades today and is not only surviving but thriving after multiple dreaded 51% attacks.
Keep in mind, this is the type of attack Bitcoin’s opposition is most worried about. It turns out that even if Bitcoin were to get attacked, they could still find a way to continue on.
A cryptocurrency can be hacked, it can be hacked multiple times, and yet still remain standing. Even in a 51% attack, the protocol itself and how it operates was not hacked or changed at all. This tells you just how resilient these protocols can be.
In the case of ETC (Ethereum Classic), they even seem to be thriving again. In a post from January, one ETC proponent lays out how he thinks the cryptocurrency could reach $7000 within ten years. He wrote that when it was trading at $7, and it’s now currently trading around $53. Grayscale has had an Ethereum Classic Trust since 2017, and agreed to fund the ETC developers for another 2 years in 2020. They also appear to be adding more ETC to their balance sheet, not less.
A few other things I want to point out:
This type of hack, if you can call it that, needs to be an inside job done by fellow miners (or stakers).
The network can be trustless, but you need to trust everyone operating in it.
Everyone in the network needs to continue to be a believer in the network.
This is true for all the consensus networks, including Bitcoin. There was a popular article in 2020 where a blogger supposedly dispelled the myth that concentration among Bitcoin miners was an issue. He claimed that even though concentration was inevitable for the future of Bitcoin, it was not a risk because it would always be more profitable to continue to mine for the network rather than attack it:
Satoshi realized the only way to prevent a “greedy attacker” from taking over is to make it more profitable to play by the rules than to attack the system.
When I read this, Daniel Kahneman and Richard Thaler started screaming in my ear:
“This assumes that all the participants are acting rationally, but humans are irrational creatures.”
A miner wouldn’t need a good economic reason to attack the network as long as they believed it was a good reason.
Also, profit may not be the only motive for an attack, as the Ethereum Classic Labs pointed out in the statement mentioned above:
So instead of focusing only on Ethereum Classic, please recognize that this is a universal weakness. We rely on the idea that economic incentives for miners will help secure a PoW chain. However, economic incentives are calculated subjectively. Or to put it another way, attacks usually have a political or social motive in addition to a financial one, and these attacks fit that profile based on our initial analysis. I don’t think PoW chains are well equipped to mitigate the risks of interference from actors for whom economic incentives are secondary.
This ties into worries that China or some other entity may crack down on cryptocurrencies, and to me it seems like it could be a real threat at some point. Granted it would take so much time, effort and money, it may not even be worth it.
Having said all that, I still think there is a future for crypto. Maybe it’s irrational and I’m turning into a crypto-hippie. But I can’t deny the resilience of these protocols and the ability to get right back up. I see and hear the belief in the voices of crypto’s strongest advocates and believe they want this new economic world to happen more than anything. They are working and willing it into existence.
Belief is everything when it comes to crypto. And if enough rabid fans still believe after a 51% attack or other hack, they will simply rebuild the blockchain or fork it and try again. Like a religion, or a culture, or a nation, or any of these other modern myths that we tell ourselves, a cryptoasset doesn’t fall until the last believer falls with it.
Thanks for reading.
Further Reading:
Crypto Security Firm Slowmist did an analysis of the 2019 Ethereum Classic attack if you want to check it out here.
Bitcoin Gold, the 26th largest cryptocurrency at the time, was another cryptocurrency that had a 51% attack back in 2018, proving they were possible. The currency BTG is also still trading despite the attack.
Another helpful guide: